记住我的PHP脚本 [英] Remember me PHP script
问题描述
大家好,
我创建了一个登录系统,用户可以在其中输入用户名和密码,验证后会将用户带到新页面,并在屏幕上显示他或她的名字,现在我要创建一个记住我我的登录屏幕中的功能,以便当用户选择记住我时,每次打开浏览器时都会记住用户名并保持登录状态,直到他们点击退出为止。我知道它可以通过使用Session和Cookies来完成,但我不知道我应该如何以及在哪里使用它们在我的代码中。以下是我的代码供您参考:
Login.php
你好,
请帮助我。我遇到了这个问题。
等你帮我们帮忙。
谢谢
< blockquote>嗨
这是你需要做的事情。
当用户登录时,你在服务器上放了一个会话,表明用户已经进入。同时您可以检查用户是否希望您记住他/她然后通过MD5功能加密用户名和密码并将它们放在长寿命的cookie上。
您需要做什么来记住如果包含用户名和密码的cookie存在或不存在,用户将检查每个页面,那么您不必再次要求它们。
我之所以说你必须使用MD5功能的原因是因为人们可以查看cookie中的信息,所以将它们放入没有加密的cookie中是不安全的/>
希望这有帮助
祝你好运
嗨。
是的,这是一般的想法。将唯一标识符放入cookie中,您可以使用它来重新打开会话,而无需再次请求登录信息。
我通常做的是创建一个哈希值几个数据,比如用户的姓名,密码和他连接的IP,并将其与用户ID一起放入cookie中。
然后,当他回来时,您可以重新创建该哈希值,并将新哈希值与cookie中的哈希值进行比较。如果它们匹配,您可以在不询问登录信息的情况下再次登录。
请注意,使用IP还可以保护(最多一点)免受cookie劫持。
我建议使用比MD5更强的散列算法。这是旧的,相对容易入侵。使用像SHA1这样的东西甚至是一个更强大的SHA变体就更安全了。
(查看 SHA1 和哈希)
Hi guys,
I have created a login system where user can enter their username and password which when validated will take user to new page with his or her name displayed on the screen, now I want to create a "Remember me" feature in my login screen so that when user select remember me it will remember user name everytime he or she opens the browser and remained logged in until they click on logout. I know it can be accomplished by using Session and Cookies but I have no idea how and where should I use them in my code. Here is my code for your reference:
Login.php
Hi Guys,
Please help me. I am stuck with this problem.
Waiting for you guys to help me out.
Thanks
Hi
Here is what you have to do.
When a user logs in you put a session on the server which shows that the user is loged in. At the same time you can check if the user wants you to remember him/her then encrypt the username and password by MD5 function and put them on a cookie with a long lifetime.
What you need to do to remember the user is to check on each page if the cookie containing username and password exists or not then you don''t have to ask for them again.
the reason i''m saying that you have to use MD5 function is because people can view information inside cookies, so it wont be secure to put them in a cookie without encryption
Hope this helps
Good luck
Hi.
Yes, that is the general idea. Put a unique identifier into a cookie, which you can use to re-open a session without having to ask for the login info again.
What I usually do is create a hash out of several pieces of data, like say the user''s name, password and the IP he is connecting from, and put that into a cookie, along with the user ID.
Then, when he comes back, you can re-create that hash and compare the new one with the one in the cookie. If they match, you can log him in again without asking for the login info.
Note that using the IP also protects (up to a point) against cookie hijacking.
I would advise using a hashing algorithm stronger than MD5 tho. It''s old and relatively easy to hack. Using something like SHA1 or even one of the stronger variants of SHA is far more secure.
(Check out SHA1 and hash)
这篇关于记住我的PHP脚本的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
登录 关闭
